Merge pull request #1045 from MicrosoftDocs/main

Merging main into live to publish app installer page live

Author: drewbatgit

ThirdPartyNotices

@@ -9,7 +9,7 @@ may be either trademarks or registered trademarks of Microsoft in the United Sta
 The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks.
 Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
 
-Privacy information can be found at https://privacy.microsoft.com/en-us/
+Privacy information can be found at https://privacy.microsoft.com/
 
 Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents,
 or trademarks, whether by implication, estoppel or otherwise.

msix-src/app-installer/How-to-create-custom-app-installer-ux.md

@@ -1,17 +1,12 @@
 ---
 title: How to create a custom App Installer UX
 description: A document describing how to create the custom UX xml file and how to add it to your MSIX package to create a custom look and feel for your App Installer installs.
-author: sharlaakers
-ms.author: shakers # Microsoft employees only
 ms.date: 9/30/2021
 ms.topic: article
 ---
 
 # How to create a custom App Installer experience
 
-> [!NOTE]
-> This App Installer feature has been temporarily rolled back and will not work right now. Please check back later for further updates as we plan to bring this feature back. 
-
 The App Installer App is used for all MSIX installations providing a consistent experience for all users installing an MSIX application. While this consistency is good, we want to also provide the ability for developers to customize the install experience that they are providing to their users. This feature is available on Windows 10 1709 and later.
 
 ## Create your custom MSIXAppInstallerData.xml file

msix-src/app-installer/app-installer-authentication-manager--overview.md

@@ -20,4 +20,4 @@ If authentication is required, the URI targeting the installation media must pro
 > 1.  The values of each field must be URL-encoded, that is with non-printing characters and spaces. The use of question mark ("?") to separate the main Source from the field values, and ampersands ("&") to separate each subsequent fields in the `ms-appinstaller:`.
 >     Example: `ms-appinstaller:?source=https://website.com/app.msix&msixauth=aad`
 > 
-> 2. The *ms-appinstaller* URI (Uniform Resource Identifier) scheme (protocol) is disabled by default. But it can be enabled by an IT professional (an administrator). To enable *ms-appinstaller* on your network, set the Group Policy **EnableMSAppInstallerProtocol** (/windows/client-management/mdm/policy-csp-desktopappinstaller) to enabled (see [Policy CSP - DesktopAppInstaller](/windows/client-management/mdm/policy-csp-desktopappinstaller#enablemsappinstallerprotocol)). For more info, see [Installing Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).
+> 2.The ability to use the *ms-appinstaller* URI (Uniform Resource Identifier) scheme (protocol) can be controlled by an IT professional (an administrator). To enable *ms-appinstaller* on your network, set the Group Policy **EnableMSAppInstallerProtocol** (/windows/client-management/mdm/policy-csp-desktopappinstaller) to enabled (see [Policy CSP - DesktopAppInstaller](/windows/client-management/mdm/policy-csp-desktopappinstaller#enablemsappinstallerprotocol)). For more info, see [Installing Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).

msix-src/app-installer/app-installer-documentation.md

@@ -14,7 +14,7 @@ The [PackageManager](/uwp/api/windows.management.deployment.packagemanager) and
 |  Method  |  Description | Minimum supported release |
 |----------|--------------|-------------------|
 |  [PackageManager.AddPackageByAppInstallerFileAsync](/uwp/api/windows.management.deployment.packagemanager.addpackagebyappinstallerfileasync)  | Allows single or multiple app packages to be installed with an .appinstaller file. | Windows 10 Fall Creators Update (version 1709, build 16299)   |
-|  [PackageManager.RequestAddPackageByAppInstallerFileAsync](/uwp/api/windows.management.deployment.packagemanager.requestaddpackagebyappinstallerfileasync)  | Allows single or multiple app packages to be installed with an .appinstaller file. This will perform a SmartScreen filter and user verification before installing the app package(s). | Windows 10 Fall Creators Update (version 1709, build 16299)       |
+|  [PackageManager.RequestAddPackageByAppInstallerFileAsync](/uwp/api/windows.management.deployment.packagemanager.requestaddpackagebyappinstallerfileasync)  | Allows single or multiple app packages to be installed with an .appinstaller file. | Windows 10 Fall Creators Update (version 1709, build 16299)       |
 |  [Package.GetAppInstallerInfo](/uwp/api/windows.applicationmodel.package.getappinstallerinfo)  | Returns the .appinstaller xml file location. This allows app developers to retrieve the .appinstaller xml file location when needed by their app. | Windows 10, version 1809 (build 17763) |
 |  [Package.CheckUpdateAvailabilityAsync](/uwp/api/windows.applicationmodel.package.checkupdateavailabilityasync)  | Checks for updates to the main app package listed in the .appinstaller file. It allows the developer to determine if the updates are required due to .appinstaller policy. This method currently only works for applications installed via .appinstaller files. | Windows 10, version 1809 (build 17763) |
 

msix-src/app-installer/app-installer-root.md

@@ -20,6 +20,7 @@ To learn how to use the App Installer to install your app, see the topics in the
 
 | Topic | Description |
 |-------|-------------|
+| [App Installer user interface](app-installer-ui-dialog.md) | Understand the various components of the default App Installer interface. |
 | [App Installer file overview](app-installer-file-overview.md) | Learn about the contents of App Installer files and how they work. |
 | [Create an App Installer file in Visual Studio](create-appinstallerfile-vs.md)| Learn how to use Visual Studio to enable automatic updates using the .appinstaller file. |
 | [Create an App Installer file manually](how-to-create-appinstaller-file.md)| Learn how to create an .appinstaller file manually. This is particularly useful for installing a related set that contains a main package and optional packages. |
@@ -30,6 +31,7 @@ To learn how to use the App Installer to install your app, see the topics in the
 | [Troubleshoot installation issues with the App Installer file](troubleshoot-appinstaller-issues.md) | Common issues and solutions when sideloading applications with the App Installer file. |
 | [Related documentation](app-installer-documentation.md) | Provides links to related documentation, including APIs that you can use to modify packages via App Installer files or to retrieve information about apps with an App Installer association.  |
 | [App Installer file (.appinstaller) reference](/uwp/schemas/appinstallerschema/app-installer-file?context=%252fwindows%252fmsix%252frender) | View the full XML schema for the App Installer file. |
+| [App Installer security features](app-installer-security-features.md) | Describes security features associated with the App Installer.|
 
 ## Tutorials
 

msix-src/app-installer/app-installer-security-features.md

@@ -0,0 +1,80 @@
+---
+title: App Installer Security Features
+description: This article provides information on the security features provided by the App Installer.
+ms.date: 7/1/2024
+ms.topic: article
+keywords: windows 10, uwp, app installer, AppInstaller, sideload
+ms.custom: 19H1
+---
+
+# App Installer Security Features
+
+Build 1.24.1981 introduced the following App Installer security features:
+
+* Internet warning
+* Microsoft SmartScreen Reputation-based URL Validation
+* URL Security Zones
+
+## Internet Warning
+
+App Installer displays a warning banner to the user whenever the user is installing a package from the internet. When the internet warning is shown, users should be careful to verify that the source listed on the dialog is trusted.
+
+![A screenshot showing a Microsoft SmartScreen internet warning. It's an installation confirmation dialog. At the bottom of the pane, a badge icon with an exclamation point is next to a warning that reads "Internet applications can potentially harm your computer. If you do not trust the source, do not install this software".](./images/app-installer-ui-dialog-update.png)
+
+Installing software from an untrusted site on the internet can be risky and expose you to malware and other exploits. For more information, see [Protect yourself from online scams and attacks](https://support.microsoft.com/office/protect-yourself-from-online-scams-and-attacks-0109ae3f-fe61-4262-8dce-2ee3cd43bac7)
+
+## Microsoft SmartScreen Reputation-based URL Validation
+
+The App Installer now takes advantage of [Microsoft SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/) to help users make informed decsions before installing software.
+Prior to downloading a package from an Internet source, App Installer will consult Microsoft SmartScreen's URL Reputation service. 
+
+![A screenshot showing a Microsoft SmartScreen reputation-based URL validation error. The title of the dialog is "SmartScreen validation unsuccessful!" and the explanation text below says "This application was blocked as unsafe by Microsoft Defender SmartScreen. If you choose to continue, this application may not be safe to install."](./images/app-installer-smart-screen.png)
+
+When presented with this error, the user can choose to **Cancel** or **Continue** (Not recommended).
+
+Clicking continue will allow App Installer to open the package for installation.
+
+## URL Security Zones
+In addition to enabling and disabling the MS-AppInstaller protocol, IT Professionals can now prevent users from installing apps from URIs that the enterprise does not allow. IT Pros can disable installation from specific URL Security Zones.
+
+When a user attempts to open a blocked URL, they will be presented with the following dialog.
+
+![A screenshot of an URL Security Zone error. The title of the dialog says "Your internet security settings prevented this file from being opened". The explanation text below states "The application you are attempting to access has been blocked by your administrator."](./images/app-installer-zone-error.png)
+
+### Configuring App Installers Zone
+
+**EnableMSAppInstallerProtocol**
+The entry *EnableMSAppInstallerProtocol* allows the IT Professionals to enable or disable the MS-AppInstaller protocol.
+Enabled: <code>HKLM:\Software\Policies\Microsoft\Windows\AppInstaller EnableMSAppInstallerProtocol=1'</code>
+
+**EnableMsixAllowedZones**
+
+If *EnableMsixAllowedZones* is enabled (set to "1"), you will have the option to override whether App Installer allows a Security Zone or not.
+
+Enabled: <code>'HKLM:\Software\Policies\Microsoft\Windows\AppInstaller" EnableMsixAllowedZones=1'</code>
+
+**MsixAllowedZones**
+
+When the *EnableMsixAllowedZones* is enabled, the App Installer will look to honor the restrictions specified in *MsixAllowedZones*. By default, the URLs in the *UntrustedSites* security zone will be rejected and all other zones will be allowed.
+
+Allow zone: <code>HKLM:\Software\Policies\Microsoft\Windows\AppInstaller\MsixAllowedZones" UntrustedSites=1</code>
+
+### Zone data
+
+| Security Zone | Default | Detail 
+| --- | --- | --- 
+| Local Machine | Allow | Setting to *Blocked* will prevent any local MSIX from being installed.
+| Intranet | Allow | Setting to *Blocked* will prevent files from enterprise servers from being downloaded and installed.
+| Trusted Sites | Allow | When set to *Allow*, allows the IT professional to allow specific Internet URIs.
+| Internet | Allow | When set to *Allow*, allows the IT professional to restrict installing apps from all Internet URIs.
+| Untrusted Sites | Blocked | When set to *Blocked*, allows the IT professional to block specific Internet URIs.
+
+
+## App Installer CSP Security Zones
+The App Installer access to URL Security Zones is controlled by the [DesktopAppinstaller CSP](/windows/client-management/mdm/policy-csp-desktopappinstaller#enableappinstaller). If an App Installer attempts to load a URL from a zone that is blocked, the user will be presented with an error.
+
+![This image is identical to the URL Security Zone Error image earlier in the page. A screenshot of an URL Security Zone error. The title of the dialog says "Your internet security settings prevented this file from being opened". The explanation text below states "The application you are attempting to access has been blocked by your administrator."](./images/app-installer-zone-error.png)
+
+IT Professionals can add sites to the Restricted or Trusted Sites Zone by use of the [policy-csp-internetexplorer](/windows/client-management/mdm/policy-csp-internetexplorer). If a URL appears in a zone that is blocked, the App Installer will block installation.
+
+

msix-src/app-installer/app-installer-ui-dialog.md

@@ -0,0 +1,61 @@
+---
+title: App Installer Dialog Elements
+description: This article provides information on the App Installer dialog.
+ms.date: 7/1/2024
+ms.topic: article
+keywords: windows 10, uwp, app installer, AppInstaller, sideload
+ms.custom: 19H1
+---
+
+# App Installer User Interface
+The App Installer provides the user interface for installation of [MSIX packages](/windows/msix/overview). The interface is defined to provide the user with critical information about the package in order to make an informed decision about installing the application.
+
+The App Installer interface consist of the following features:
+
+* Application name
+* Application icon
+* Microsoft Store signature
+* Publisher name
+* Version
+* Source
+* Capabilities
+* Internet warning notification
+* Install and Cancel buttons
+* Launch when ready
+
+![Smart Dialog](./images/app-installer-ui-dialog.png)
+
+## Application name
+The application name is provided by the app author, and extracted from the [MSIX file.](/windows/msix/overview)
+
+## Microsoft Store signature
+If the dialog shows the string, "Microsoft Store App", you know the application has been successfully built and distributed through the Microsoft Store. Microsoft Store Signed Apps have been tested and comply with the [Microsoft Store Policies](/windows/apps/publish/store-policies)
+
+## Publisher name and Version
+The publisher name and version are provided by the app author, and extracted from the [MSIX file.](/windows/msix/overview)
+
+## Source
+
+The source provides the domain of the URL that the package was sourced from. This allows the user to decide whether they trust the source when deciding whether to install the package.
+
+## Capabilities
+The listing of the [capabilities](/windows/uwp/packaging/app-capability-declarations) allows the user to evaluate what the application can access on your PC before installing it. If the application is accessing a capability you do not agree with, it is recommended you choose cancel.
+
+## Install and Cancel buttons
+
+The Install and Cancel buttons will generally be provided when installing applications. If you are downgrading an application or reinstalling the application, the text of the Install button will change to Reinstall.
+
+The Cancel button closes the dialog without making any changes.
+
+## Launch when ready
+
+Because the App Installer improves the installation process, it can automatically start the app following installation. This is a check box control the user can uncheck.
+
+## Internet Warning
+
+App Installer will display an internet application warning for applications that come from the internet. This warning informs the user to use caution when installing this application. As with any application installed from the internet, the user must use caution. Only install apps from trusted sources, such as Microsoft Store, and be thoughtful about which apps you install. 
+See [Protect your PC from unwanted software](https://support.microsoft.com/windows/protect-your-pc-from-unwanted-software-074a2d74-02db-03dd-8340-9e1822377856) for more information.
+
+
+
+

msix-src/app-installer/create-appinstallerfile-vs.md

@@ -10,6 +10,9 @@ ms.custom: "RS5, seodec18"
 # Create an App Installer file with Visual Studio
 
 Starting with Windows 10, Version 1803, and Visual Studio 2017, Update 15.7, sideloaded apps can be configured to receive automatic updates using an `.appinstaller` file. Visual Studio supports enabling these updates.
+> [!Note]
+> The ability to use the *ms-appinstaller* URI (Uniform Resource Identifier) scheme (protocol) can be controlled by an IT professional (an administrator). To enable *ms-appinstaller* on your network, set the Group Policy **EnableMSAppInstallerProtocol** (/windows/client-management/mdm/policy-csp-desktopappinstaller) to enabled (see [Policy CSP - DesktopAppInstaller](/windows/client-management/mdm/policy-csp-desktopappinstaller#enablemsappinstallerprotocol)). For more info, see [Installing Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).
+
 
 ## App Installer file location
 The `.appinstaller` file can be hosted in a shared location like a HTTP endpoint or a UNC shared folder, and includes the path to find the app packages to be installed. Users install the app from the shared location and enable periodic checks for new updates. 

msix-src/app-installer/images/app-installer-smart-screen.png

@@ -91,3 +91,5 @@ ms-appinstaller:?source=https://contoso.com/myapp.appinstaller&activationUri=my-
 ```html
 ms-appinstaller:?source=https://contos.com/myapp.msix&activationUri=my-custom-protocol:?my-parameter=my-param-value
 ```
+> [!NOTE]
+> The ability to use the *ms-appinstaller* URI (Uniform Resource Identifier) scheme (protocol) can be controlled by an IT professional (an administrator). To enable *ms-appinstaller* on your network, set the Group Policy **EnableMSAppInstallerProtocol** (/windows/client-management/mdm/policy-csp-desktopappinstaller) to enabled (see [Policy CSP - DesktopAppInstaller](/windows/client-management/mdm/policy-csp-desktopappinstaller#enablemsappinstallerprotocol)). For more info, see [Installing Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).